Is there a way to redirect to another action class without using on struts.xml

Question

I have many classes created in my Struts application. I did not check whether logged in condition in any of the classes. Instead I have extended a base action class.

Answer 1

You can use a Filter. It will be a lot more transparent than requiring all your classes to extend your BaseAction.

Edit

You would map this filter in your web.xml file, so it would be executed before the Struts controller servlet.

<filter>
   <filter-name>AuthorizationFilter</filter-name>
   <filter-class>my.company.AuthorizationFilter</filter-class>
</filter>

<filter-mappging>
    <filter-name>AuthorizationFilter</filter-name>
    <servlet-name>StrutsActionServlet</servlet-name>
</filter-mapping>

Or by URL pattern:

<filter-mapping>
    <filter-name>AuthorizationFilter</filter-name>
    <url-pattern>*.do</url-pattern>
</filter-mapping>

Edit

You have changed the question, and it appears it's struts 2 you're using after all. In that case, you can write an interceptor instead of a filter. It would basically do the same, but an interceptor can be configured along with the rest of your struts configuration.

Answer 2

Looks like you want to check in the constructor of the base action class, but you are mistaken. The constructor is used by the object factory to instantiate your action instance. In this stage a few things is available to you. In your case it's wrong. Another approach is if you move the logic into the method say execute() and call super.execute() before any method call would work, but if you forget to put the super call in the action then you may end up the action code running not authenticated. To prevent it you should run the code before any action is executed and be able to access the action instance or action context to be more Struts2. I guess you've never read the book "Struts 2 in Action" so I will give you some my own thoughts. It's about creating AuthenticationInterceptor and the action that implements UserAware that injects the user logged in into the action that implement this interface. The interceptor is looks like

public class AuthenticationInterceptor implements Interceptor {

public void destroy() {
}

public void init() {
}

public String intercept(ActionInvocation actionInvocation) throws Exception {
    Map session = actionInvocation.getInvocationContext().getSession();
    User user = (User) session.get(Struts2MyConstants.USER);

    if (user == null) {
        return Action.LOGIN; //login required result
    }               
    else {              
        Action action = (Action)actionInvocation.getAction();

        if (action instanceof UserAware) {
            User freshUser = myService.getUser(user.getId());
            ((UserAware)action).setUser(freshUser);
        }

        System.out.println("Logged in: interceptor");
        return actionInvocation.invoke();
    }
}

The UserAware is looks like

public interface UserAware {

    public void setUser( User user );

}

and make a secure default stack that will reference any action

<interceptors>
  <interceptor name="authenticationInterceptor" class="org.yourapp.struts.interceptor.AuthenticationInterceptor"/>
  <interceptor-stack name="secureStack">
    <interceptor-ref name="authenticationInterceptor"/>
    <interceptor-ref name="defaultStack"/>
  </interceptor-stack>
</interceptors>
<default-interceptor-ref name="secureStack"/> 

If you make your base action to implement UserAware then the user object that is logged in will be available not only from session but in action too if you define getter for the user or make it protected. You have to make the User object immutable so that not compromise the security feature.